public class ProxyTrustVerifier extends Object implements TrustVerifier
ProxyTrust
and RemoteMethodControl
. If a bootstrap proxy (or a
derivative of it) is known to be trusted, a remote call is made through it to obtain a trust
verifier for the original service proxy. This class is intended to be specified in a resource to
configure the operation of Security.verifyObjectTrust
.
com.sun.jini.impl - This implementation uses the Logger
named
net.jini.security.trust
to log information at the following levels: Level | Description |
---|---|
FAILED | no verifier is obtained from a ProxyTrustIterator |
HANDLED | RemoteException being passed
to ProxyTrustIterator.setException |
FINE | ProxyTrust.getProxyVerifier remote call returns a trust verifier |
FINER | an object with a getProxyTrustIterator method is
encountered |
FINER | each object produced by a
ProxyTrustIterator and each derivative bootstrap proxy |
TrustVerifier.Context
Constructor and Description |
---|
ProxyTrustVerifier()
Creates an instance.
|
Modifier and Type | Method and Description |
---|---|
boolean |
isTrustedObject(Object obj,
TrustVerifier.Context ctx)
Returns
true if the specified object is known to be trusted to correctly
implement its contract; returns false otherwise. |
public boolean isTrustedObject(Object obj, TrustVerifier.Context ctx) throws RemoteException
true
if the specified object is known to be trusted to correctly
implement its contract; returns false
otherwise. This method returns
false
if the caller context collection of the specified trust verifier context
does not contain a MethodConstraints
instance with non-empty constraints for the
ProxyTrust.getProxyVerifier
method, or if a
TrustVerifier
cannot be obtained from the specified object using the steps
described below. Otherwise a TrustVerifier
is obtained, its isTrustedObject
method is called with the same arguments
passed to this method, and the result of that call is returned by this method; any exception
thrown by that call is thrown by this method. If a verifier cannot be obtained but one or
more of the intermediate operations involved in attempting to obtain one throws a
RemoteException
, the last such RemoteException
is thrown by this
method (rather than this method returning false
). If any intermediate operation
throws a SecurityException
exception, that exception is immediately thrown by
this method.
A verifier is obtained from a candidate object as follows.
static
member method with
signature:
ProxyTrustIterator getProxyTrustIterator();or the candidate object is an instance of a dynamically generated
Proxy
class and the
contained invocation handler's class has such a member method, then the
getProxyTrustIterator
method is called (on the candidate object or its
invocation handler). For each object produced by the next
method of the returned iterator, the following substeps are used, until either a verifier is
obtained or the iteration terminates. If no verifier can be obtained from any object produced
by the iterator, then there is no verifier for the candidate object. For any given object
produced by the iterator, if a verifier cannot be obtained from the object but an
intermediate operation involved in attempting to obtain a verifier throws a
RemoteException
, that exception is passed to the setException
method of the iterator, and the iteration
continues. The getProxyTrustIterator
method and the
ProxyTrustIterator
methods are all invoked in a restricted security context. If
the specified trust verifier context contains an UntrustedObjectSecurityContext
instance, then the security context returned by its getContext
method is used. Otherwise, the security context used is equivalent to the current
security context (as returned by Security.getContext
) with an additional protection domain combined into the access control
context that contains an empty CodeSource
(null
location
and certificates), null
permissions, null
class loader, and
null
principals.
ProxyTrust
and RemoteMethodControl
(that is, if the object is a bootstrap proxy), it
is verified for trust by calling the specified context's isTrustedObject
method with the
object. If isTrustedObject
returns true
, then the object's getProxyVerifier
method is called, using as the client
constraints for the remote call the first MethodConstraints
instance obtained
from the caller context collection (of the specified trust verifier context) that has
non-empty constraints for that getProxyVerifier
method. The verifier returned by
that remote call is the verifier for the original top-level object, and the entire search
stops. If isTrustedObject
returns false
, but a verifier can be
obtained from a trusted derivative bootstrap proxy as described below, then that verifier is
the verifier for the original top-level object, and the entire search stops. Otherwise, no
verifier can be obtained from the object, and the iteration continues. ProxyTrust
instance, it is in turn treated as a new candidate object, and
the complete set of steps for a candidate object are used recursively to obtain a verifier
from it. If a verifier can be obtained from it, that verifier is the verifier for the
original top-level object, and the entire search stops. If a verifier cannot be obtained from
it, the iteration continues. ProxyTrust
and
RemoteMethodControl
(that is, if the original top-level object is itself a
bootstrap proxy), and a verifier can be obtained from a trusted derivative bootstrap proxy as
described below, that verifier is the verifier for the original top-level object, and the
entire search stops. ProxyTrustVerifier
(not including the current one) in this thread; the bootstrap
proxy is an instance of a dynamically generated Proxy
class; neither the proxy's
class nor the invocation handler's class has an appropriate getProxyTrustIterator
method; the class loader of the proxy's class is the proper Java(TM) RMI class loader (as
defined below) for its parent class loader and the class's codebase (as produced by RMIClassLoader.getClassAnnotation
); and both
ProxyTrust
and RemoteMethodControl
are loadable by the parent class
loader. The derivative that is produced is an instance of a dynamically generated
Proxy
class defined by the parent class loader that implements both
ProxyTrust
and RemoteMethodControl
and contains the same invocation
handler as the bootstrap proxy. The derivative is a trusted derivative bootstrap proxy if
calling the specified context's isTrustedObject
method with the derivative
returns true
. If a trusted derivative bootstrap proxy can be produced, its
getProxyVerifier
method is called, using as the client
constraints for the remote call the first MethodConstraints
instance obtained
from the caller context collection (of the specified trust verifier context) that has
non-empty constraints for that getProxyVerifier
method. The returned verifier is
used as is, if the class loader of the returned verifier's class is equal to the class loader
of the original bootstrap proxy's class, or if, in generating a serialization of the
verifier, no class passed to ObjectOutputStream.annotateClass
or ObjectOutputStream.annotateProxyClass
has a class loader not equal to the class loader of
the original bootstrap proxy's class but has a codebase that is equal to the codebase of the
original bootstrap proxy's class. Otherwise, the verifier is remarshalled in a manner
equivalent to creating a MarshalledInstance
with the verifier and then
calling the get
method of that object with the class loader of the original bootstrap
proxy's class as the default loader, with no codebase integrity verification and with an
empty context collection, and the remarshalled verifier is used instead. If an IOException
or ClassNotFoundException
is thrown by this remarshalling, the exception
is wrapped in an UnmarshalException
and the resulting exception is treated as if it
had been thrown by the remote call that returned the verifier. A class loader of a class
is the proper Java RMI class loader for its parent class loader and the class's codebase if
the class loader is not null
, the codebase for the class is a non-empty string,
and calling RMIClassLoader.getClassLoader
with that
codebase, with the thread's context class loader set to the parent class loader, returns the
class loader of the class.
isTrustedObject
in interface TrustVerifier
obj
- the object in which to verify trustctx
- the trust verifier context, to aid in verification of the specified object and its
componentstrue
if the specified object is known to be trusted to correctly
implement its contract; false
otherwiseNullPointerException
- if any argument is null
SecurityException
- if a security exception occursRemoteException
- if a communication-related exception occursCopyright © GigaSpaces.